Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
Nitesh Dhanjani's 2015 O'Reilly book Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts is a very practical existence-proof of the inadequacy and urgency of Internet of Things security.
The usual O'Reilly book is a kind of cook-book for accomplishing normal technical tasks, each recipe serving to illustrate broader technical principles. Millions of skilled technical people have followed the steps in O'Reilly books to master Perl and Ruby and Python, become master network administrators, or just master shell scripting.
Abusing the Internet of Things is structured just like one of those cookbooks, only the recipes explain the (relatively simple) steps you need to take to compromise everything from a smart lightbulb -- one recipe explains how to plunge a smart lighting system into permanent, irrevocable darkness -- to a smart baby-monitor (this was published months before a family in San Francisco woke to discover a griefer terrorizing their toddler through his bedside monitor) to a smart TV to -- what else? -- a smart car.
In so doing, Dhanjani -- who has presented widely on the subject, including an excellent talk at Black Hat Asia -- illustrates the utter shoddiness of IoT security, and incontrovertibly demonstrates the risks from bad information security when every corner of our homes is infiltrated by computers.
But this isn't just a cautionary tale. After walking the reader through a series of examples, complete with source-code and exercises for the student, Dhanjani flips the script, and uses all he's discussed to build a secure, smart doorbell that's connected to the public Internet, with security in it by design. The distance between the approach in this exercise and the approaches taken by the vendors Dhanjani outs as security bumblers is the clincher, the proof that the things you buy are broken because no one cared enough about them to make them hard to break.
Two final chapters sum up the scenarios for future IoT attacks, and dramatize the institutional processes that produce such poor quality devices for our consumption.
The book is written in a sprightly, writerly fashion, with many grace notes and interesting case studies -- including an account of how you could use someone's hacked email account to steal their Tesla automobile.
This book is a marvellous thing: an important intervention in the policy debate about information security and a practical text for people trying to improve the situation.
Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts [Nitesh Dhanjani/O'Reilly]
(Image: "Activate the world" (or: what "mobile" really means), Mike, CC-BY)